145 research outputs found
Measured impact of crooked traceroute
Data collected using traceroute-based algorithms underpins research into the Internet’s router-level topology, though it is possible to infer false links from this data. One source of false inference is the combination of per-flow load-balancing, in which more than one path is active from a given source to destination, and classic traceroute, which varies the UDP destination port number or ICMP checksum of successive probe packets, which can cause per-flow load-balancers to treat successive packets as distinct flows and forward them along different paths. Consequently, successive probe packets can solicit responses from unconnected routers, leading to the inference of false links. This paper examines the inaccuracies induced from such false inferences, both on macroscopic and ISP topology mapping. We collected macroscopic topology data to 365k destinations, with techniques that both do and do not try to capture load balancing phenomena.We then use alias resolution techniques to infer if a measurement artifact of classic traceroute induces a false router-level link. This technique detected that 2.71% and 0.76% of the links in our UDP and ICMP graphs were falsely inferred due to the presence of load-balancing. We conclude that most per-flow load-balancing does not induce false links when macroscopic topology is inferred using classic traceroute. The effect of false links on ISP topology mapping is possibly much worse, because the degrees of a tier-1 ISP’s routers derived from classic traceroute were inflated by a median factor of 2.9 as compared to those inferred with Paris traceroute
Domain Name Lifetimes: Baseline and Threats
The domain name system (DNS) is a key componentof the Internet. The DNS is essentially a hierarchical anddistributed database that involves – and is operated by – manyindependent parties that fulfill various roles. Top-level domainssuch as .com and .co.uk are run by registries. Registrants canregister domain names, usually through so-called registrars, butsometimes directly with the TLD registry.Domain names go through a well-defined life-cycle and namesthat are only short-lived in ways break expectation. In thispaper, we study domain name lifetimes at scale and over a tenyear period. We focus on ten prominent TLDs and observe thatunder most, the vast majority of lifetimes (95%) last exactly theminimum registration term of one year. The exception to thisis .com, which sees 40% of lifetimes renewed for at least onemore year. We also identify lifetimes that are suspiciously shortlived (e.g., 80% under .xyz). Using blocklist data we confirmthat about 25% are reportedly malicious and study indicators ifnames are taken down and how quickly. Finally, we empiricallystudy malicious name registration campaigns and show that thisinvolves registrars that offer bulk registration options
Antitrust Analysis for the Internet Upstream Market: A BGP Approach
In this paper we study concentration in the European Internet upstream access market. The possibility of measuring market concentration depends on a correct definition of the market itself; however, this is not always possible, since, as it is the case of the Internet industry, very often Antitrust authorities lack reliable pricing and traffic data. This difficulty motivates our paper. We present an alternative approach based on the inference of the Internet Operators interconnection policies using micro-data sourced from their Border Gateway Protocol tables. We assess market concentration following a two step process: firstly we propose a price-independent algorithm for defining both the vertical and geographical relevant market boundaries, then we calculate market concentration indexes using two novel metrics. These assess, for each undertaking, both itsrole in terms of essential network facility and of wholesale market dominance. The results, applied to four leading Internet Exchange Points in London, Amsterdam, Frankfurt and Milan, show that some vertical segments of these markets are highly concentrated, while others are extremely competitive. According to the Merger Guidelines some of the estimated market concentration values would immediately fall within the special attention category.Technology and Industry, Other Topics
Recommended from our members
Leveraging Internet Background Radiation for Opportunistic Network Analysis
In this dissertation, we evaluate the potential of unsolicited Internet traffic, called Internet Background Radiation (IBR), to provide insights into address space usage and network conditions. IBR is primarily collected through darknets, which are blocks of IP addresses dedicated to collecting unsolicited traffic resulting from scans, backscatter, misconfigurations, and bugs. We expect these pervasively sourced components to yield visibility into networks that are hard to measure (e.g., hosts behind firewalls or not appearing in logs) with traditional active and passive techniques. Using the largest collections of IBR available to academic researchers, we test this hypothesis by: (1) identifying the phenomena that induce many hosts to send IBR, (2) characterizing the factors that influence our visibility, including aspects of the traffic itself and measurement infrastructure, and (3) extracting insights from 11 diverse case studies, after excluding obvious cases of sender inauthenticity. Through IBR, we observe traffic from nearly every country, most ASes with routable prefixes, and millions of /24 blocks. Misconfigurations and bugs, often involving P2P networks, result in the widest coverage in terms of visible networks, though scanning traffic is applicable for in-depth and repeated analysis due to its large volume. We find, notwithstanding the extraordinary popularity of some IP addresses, similar observations using IBR collected in different darknets, and a predictable degradation using smaller darknets. Although the mix of IBR components evolves, our observations are consistent over time. Our case studies highlight the versatility of IBR and help establish guidelines for when researchers should consider using unsolicited traffic for opportunistic network analysis. Based on our experience, IBR may assist in: corroborating inferences made through other datasets (e.g., DHCP lease durations) supplementing current state-of-the art techniques (e.g., IPv4 address space utilization), exposing weaknesses in other datasets (e.g., missing router interfaces), identifying abused resources (e.g., open resolvers), testing Internet tools by acting as a diverse traffic sample (e.g., uptime heuristics), and reducing the number of required active probes (e.g., path change inferences). In nearly every case study, IBR improves our analysis of an Internet-wide behavior. We expect future studies to reap similar benefits by including IBR
Incentivizing and evaluating internet-wide network measurements
The Internet’s size is a primary challenge to researchers attempting to capture its properties. Inferences are therefore often based on available measurements, which may be biased due to the measurement process. We seek to understand the dependence of sampling methodology on two network measurement projects. We examine the potential of Mechanical Turk (MTurk) to guide the selection of samples by country and reward. As a proof-of-concept, we design an IPv6 adoption experiment disguised as a human intelligence task. Using 75 dollars, we obtain an IPv6 adoption estimate that differed by less than 3 percent of public estimates. From this initial success and analysis of the price sensitivity, we attempt a crowd-sourced approach to obtain representative measurements of Internet source address validation. However, this second experiment violated MTurk’s terms of service. We therefore perform a per-country sampling analysis of nine years of existing source validation data from the Spoofer project. We conclude that conventional sampling methods do not properly characterize the data, primarily due to the changing nature of the underlying population during the collection period.Approved for public release; distribution is unlimited.Lieutenant, Turkish Coast Guardhttp://archive.org/details/incentivizingnde109454139
The 3rd workshop on active internet measurements (AIMS-3) report
On February 10-12, 2011, CAIDA hosted the third Workshop on Active Internet Measurements (AIMS-3) as part of our series of Internet Statistics and Metrics Analysis (ISMA) workshops. As with the previous two AIMS workshops, the goals were to further our understanding of the potential and limitations of active measurement research and infrastructure in the wide-area Internet, and to promote cooperative solutions and coordinated strategies to address future data needs of the network and security research communities. For three years, the workshop has fostered interdisciplinary conversation among researchers, operators, and government, focused on analysis of goals, means, and emerging issues in active Internet measurement projects. The first workshop emphasized discussion of existing hardware and software platforms for macroscopic measurement and mapping of Internet properties, in particular those related to cybersecurity. The second workshop included more performance evaluation and data-sharing approaches. This year we expanded the workshop agenda to include active measurement topics of more recent interest: broadband performance; gauging IPv6 deployment; and measurement activities in international research networks.</jats:p
Tracking IPv6 evolution
Exhaustion of the Internet addressing authority's (IANA) available IPv4 address space, which occurred in February 2011, is finally exerting exogenous pressure on network operators to begin to deploy IPv6. There are two possible outcomes from this transition. IPv6 may be widely adopted and embraced, causing many existing methods to measure and monitor the Internet to be ineffective. A second possibility is that IPv6 languishes, transition mechanisms fail, or performance suffers. Either scenario requires data, measurement, and analysis to inform technical, business, and policy decisions. We survey available data that have allowed limited tracking of IPv6 deployment thus far, describe additional types of data that would support better tracking, and offer a perspective on the challenging future of IPv6 evolution.</jats:p
Adaptive network traffic management for multi user virtual environments
Multi User Virtual Environments (MUVE) are a new class of Internet application with a significant user base. This thesis adds to our understanding of how MUVE network traffic fits into the mix of Internet traffic, and how this relates to the application's needs.
MUVEs differ from established Internet traffic types in their requirements from the network. They differ from traditional data traffic in that they have soft real-time constraints, from game traffic in that their bandwidth requirements are higher, and from audio and video streaming traffic in that their data streams can be decomposed into elements that require different qualities of service. This work shows how real-time adaptive measurement based congestion control can be applied to MUVE streams so that they can be made more
responsive to changes in network conditions than other real-time traffic and existing MUVE clients. It is shown that a combination of adaptive congestion control and differential Quality of Service (QoS)
can increase the range of conditions under which MUVEs both get sufficient bandwidth and are Transport Control Protocol (TCP) fair.
The design, implementation and evaluation of an adaptive traffic management system is described. The system has been implemented in a modified client, which allows the MUVE to be made TCP fair without changing the server
Underneath the hood
I recently published this essay on CircleID on my thoughts on ICANN's recent decision to launch .XXX and the larger new gTLD program this year. Among other observations, I describe how .XXX marks a historical inflection point, where ICANN's board formally abandoned any responsibility to present an understanding of the ramifications of probable negative externalities ("harms") in setting its policies. That ICANN chose to relinquish this responsibility puts the U.S. government in the awkward position of trying to tighten the few inadequate controls that remain over ICANN, and leaves individual and responsible corporate citizens in the unenviable yet familiar position of bracing for the consequences.</jats:p
- …
